package inventory.config.shiro;

import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;

public class MySessionManager extends DefaultWebSessionManager {

    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {

        //        return super.getSessionId(request, response);

        /*
         * 修改原本的从cookie中获取sessionId，因为前后端分离，在登录时无法把cookie发送给前端。
         * 所以在登录时，把sessionId发送给前端，让前端在以后请求的requestHeader中加入Authorization，里面存放session
         * 并且在此处重写sessionId的获取方法，改为从requestHeader中获取
         *
         * 注意：shiro的session 和 servlet的session sessionId是相同的
         */
        HttpServletRequest httpServletRequest = (HttpServletRequest)request;

//        System.out.println("shiro的sessionid为："+httpServletRequest.getHeader("Authorization"));

        return httpServletRequest.getHeader("Authorization");

    }
}
